Our systems run on Heroku, which sits on top of Amazon AWS. All systems are located in the United States availability zones. Application logs are stripped of sensitive data, collected by LogEntries, and stored for fourteen days.
Email support@doubleloop.app, engineering@doubleloop.app, or use the Slack channel #it_support to alert the full team of the issue using the Incident Intake Report Format template. The Response Team will add an action plan to the original intake report. The full Incident Report should contain the following:
Incident Intake Report
- Name/Contact Person:
- Date of Incident/First noticed:
- IP Address breached (if any):
- Physical location of breached system (if any):
- Types of data affected:
- Detailed description of compromised files:
Incident Response Plan
- Severity:
- Incident Status:
- Actions Taken:
- Chain of custody (hardware if any):
- Impact Assessments:
- Contact info (involved parties):
- Gathered Evidence/Data:
- Next Steps:
Low and medium severity issues are incidents involving suspicions and odd behaviors. They have not been verified and require further investigation. An issue assessed as Low/Medium has no indication of tangible risk and does not require an emergency response. These types of issues include but are not limited to suspicious emails, texts, and phone calls.
High severity issues are incidents where an active exploit has not happened but is likely. These should be addressed using the method above, with the added note of “URGENT” in the subject line or Slack message. These types of issues include newly discovered backdoors, malware, or any suspected malicious access to our systems.
Critical severity issues are incidents showing active exploitation of our systems and/or data. These types of issues include but are not limited to malicious access to systems (including email), Slack, or systems with PII such as the DoubleLoop Platform and/or our servers.
Critical issues should be handled as such and sent directly to slt@doubleloop.app, engineering@doubleloop.app, or support@doubleloop.app, with “CRITICAL” in the subject line, and posted to the #it_support Slack channel with “CRITICAL” in the message.
Response Steps
- For Low and Medium severity issues, the Head of Product will coordinate with the VP Engineering to assess actual severity and respond accordingly.
- For High and Critical Severity incidents, the full Incident Response Team will immediately convene to assess actual severity and determine a plan of action to immediately address and mitigate the existing issue.
- Meetings will occur daily or weekly depending on severity until the issue is resolved.
- A follow-up retrospective will be conducted by the response team to review the incident and response, and to apply any lessons learned to improve security measures and the company response process.
- The Incident Response Team will periodically present a report on Security Incidents to the Senior Leadership Team for review.
Depending on the sensitivity of information and severity of the breach we will, from time to time, notify third parties of any incidents on an as-needed basis.